package cn.jbooter.shiro.autoconfigure.config;

import java.util.List;

import org.apache.shiro.cache.CacheManager;
import org.apache.shiro.mgt.RememberMeManager;
import org.apache.shiro.mgt.SecurityManager;
import org.apache.shiro.realm.Realm;
import org.apache.shiro.web.mgt.DefaultWebSecurityManager;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;

public class ShiroConfiguration {
	private static final Logger logger = LoggerFactory.getLogger(ShiroConfiguration.class);
	
	@Autowired 
	private List<Realm> realms;
	@Autowired(required=false) 
	private CacheManager cacheManager;
	@Autowired(required=false) 
	private RememberMeManager rememberMeManager;
	
	 /**
     * shiro安全管理器
     * 默认使用ModularRealmAuthenticator和AtLeastOneSuccessfulStrategy
     * @param realms
     * @return
     */
    @Bean
    public SecurityManager securityManager() {
    	DefaultWebSecurityManager securityManager = new DefaultWebSecurityManager();
    	securityManager.setRealms(realms);
    	if(rememberMeManager!=null) {
    		securityManager.setRememberMeManager(rememberMeManager);
    	}else {
    		logger.info(">>>>>> no config shiro rememberMeManager .");
    	}
    	if(cacheManager!=null) {
    		securityManager.setCacheManager(cacheManager);
    	}else {
    		logger.info(">>>>>> no config shiro cacheManager .");
    	}
    	//此处不设置sessionManager, DefaultWebSecurityManager构造方法会
    	//默认使用ServletContainerSessionManager用于Web环境,其直接使用Servlet容器的会话
    	//securityManager.setSessionManager(sessionManager);
        return securityManager;
    }
    
}
